Microsoft (Multiple) - Remote Hacker Automatic Control
-- Products Affected --
Windows 2000, XP, 2003
-- Technical Description --
MS06-072 - Internet Explorer cumulative update. Arbitrary code execution affecting DHTML and active scripting, information disclosure affecting Temporary Internet Files (TIF) folder. Critical.
MS06-073 - Visual Studio 2005. Arbitrary code execution due to WMI Object Broker ActiveX control. Critical.
MS06-074 - SNMP implementation error can lead to arbitrary code execution. Important.
MS06-075 - File Manifest Corruption leading to Privilege Escalation. Important.
MS06-076 - Outlook Express arbitrary code execution at the local user level. Important.
MS06-077 - Remote Installation Service arbitrary code execution (Windows 2000 ONLY). Important.
MS06-078 - Windows Media Format remote arbitrary code execution. This is the
-- Description --
Microsoft delivered seven patches, instead of the expected six, with the December Security Update released today. Even though less than half of the patches are rated as Critical, almost all vulnerabilities can lead to arbitrary code execution for at least some end users. Notable by omission are the most recent Microsoft Word vulnerabilities for which there are targeted exploit attempts in use.
-- Recommended Action --
All users and administrators should apply the updates at the earliest opportunity.
-- Source --
-- Updates Available --
-- External Tracking Data --
CVE-ID: CVE-2006-5579 (MS06-072)
CVE-ID: CVE-2006-5581 (MS06-072)
CVE-ID: CVE-2006-5578 (MS06-072)
CVE-ID: CVE-2006-5577 (MS06-072)
CVE-ID: CVE-2006-4704 (MS06-073)
CVE-ID: CVE-2006-5583 (MS06-074)
CVE-ID: CVE-2006-5585 (MS06-075)
CVE-ID: CVE-2006-2386 (MS06-076)
CVE-ID: CVE-2006-5584 (MS06-077)
CVE-ID: CVE-2006-4702 (MS06-078)
CVE-ID: CVE-2006-6134 (MS06-078)
-- Threat Matrix --
Home User 10 10 (Highly Critical)
Corporate 10 10 (Highly Critical)